Page MenuHomeFreeBSD
Files F137194805

D42922.id131063.diff
No OneTemporary
Actions

D42922.id131063.diff
View Options

diff --git a/databases/mysql80-server/files/patch-include_dh__ecdh__config.h b/databases/mysql80-server/files/patch-include_dh__ecdh__config.h
new file mode 100644
--- /dev/null
+++ b/databases/mysql80-server/files/patch-include_dh__ecdh__config.h
@@ -0,0 +1,63 @@
+--- include/dh_ecdh_config.h.orig 2023-12-03 10:42:56 UTC
++++ include/dh_ecdh_config.h
+@@ -38,7 +38,7 @@
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10002000L */
+
+ namespace {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* Following primes are from https://www.rfc-editor.org/rfc/rfc7919#appendix-A
+ */
+
+@@ -257,6 +257,7 @@ bool set_dh(SSL_CTX *ctx) {
+
+ DH *dh = nullptr;
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if !defined(LIBRESSL_VERSION_NUMBER)
+ switch (security_level) {
+ case 1:
+ [[fallthrough]];
+@@ -275,6 +276,43 @@ bool set_dh(SSL_CTX *ctx) {
+ default:
+ break;
+ };
++#else
++ dh = DH_new();
++ if (!dh) return true;
++
++ BIGNUM *dhp = nullptr;
++ BIGNUM *dhg = nullptr;
++ switch (security_level) {
++ case 1:
++ [[fallthrough]];
++ case 2:
++ dhp =
++ BN_bin2bn(rfc7919_ffdhe2048_p, sizeof(rfc7919_ffdhe2048_p), nullptr);
++ break;
++ case 3:
++ dhp =
++ BN_bin2bn(rfc7919_ffdhe3072_p, sizeof(rfc7919_ffdhe3072_p), nullptr);
++ break;
++ case 4:
++ dhp =
++ BN_bin2bn(rfc7919_ffdhe8192_p, sizeof(rfc7919_ffdhe8192_p), nullptr);
++ break;
++ case 5:
++ /* There is no RFC7919 approved prime for sec level 5 */
++ [[fallthrough]];
++ default:
++ DH_free(dh);
++ return true;
++ };
++
++ dhg = BN_bin2bn(rfc7919_g, sizeof(rfc7919_g), nullptr);
++ if (!dhp || !dhg || !DH_set0_pqg(dh, dhp, nullptr, dhg)) {
++ DH_free(dh);
++ BN_free(dhg);
++ BN_free(dhp);
++ return true;
++ }
++#endif /* !defined(LIBRESSL_VERSION_NUMBER) */
+ #else /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
+ dh = DH_new();
+ if (!dh) return true;
diff --git a/databases/mysql80-server/files/patch-vio_viossl.cc b/databases/mysql80-server/files/patch-vio_viossl.cc
deleted file mode 100644
--- a/databases/mysql80-server/files/patch-vio_viossl.cc
+++ /dev/null
@@ -1,30 +0,0 @@
---- vio/viossl.cc.orig 2021-12-17 16:07:27 UTC
-+++ vio/viossl.cc
-@@ -45,7 +45,8 @@
- BIO_set_callback_ex was added in openSSL 1.1.1
- For older openSSL, use the deprecated BIO_set_callback.
- */
--#if OPENSSL_VERSION_NUMBER >= 0x10101000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && \
-+ !defined(LIBRESSL_VERSION_NUMBER)
- #define HAVE_BIO_SET_CALLBACK_EX
- #endif
-
-@@ -640,7 +641,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, l
- #if !defined(NDEBUG)
- {
- STACK_OF(SSL_COMP) *ssl_comp_methods = nullptr;
-- ssl_comp_methods = SSL_COMP_get_compression_methods();
-+ ssl_comp_methods = (STACK_OF(SSL_COMP) *)SSL_COMP_get_compression_methods();
- n = sk_SSL_COMP_num(ssl_comp_methods);
- DBUG_PRINT("info", ("Available compression methods:\n"));
- if (n == 0)
-@@ -648,7 +649,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, l
- else
- for (j = 0; j < n; j++) {
- SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- DBUG_PRINT("info", (" %d: %s\n", c->id, c->name));
- #else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
- DBUG_PRINT("info",
diff --git a/databases/mysql80-server/files/patch-vio_viosslfactories.cc b/databases/mysql80-server/files/patch-vio_viosslfactories.cc
deleted file mode 100644
--- a/databases/mysql80-server/files/patch-vio_viosslfactories.cc
+++ /dev/null
@@ -1,46 +0,0 @@
---- vio/viosslfactories.cc.orig 2023-11-18 20:56:37.098235000 +0100
-+++ vio/viosslfactories.cc 2023-11-19 09:20:02.284708000 +0100
-@@ -43,6 +43,7 @@
- #include <dh_ecdh_config.h>
-
- #include "my_openssl_fips.h"
-+#include "openssl/crypto.h"
- #define TLS_VERSION_OPTION_SIZE 256
-
- /*
-@@ -417,7 +418,7 @@ long process_tls_version(const char *tls_version) {
- const char *separator = ",";
- char *token, *lasts = nullptr;
-
--#ifdef HAVE_TLSv13
-+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
- const char *tls_version_name_list[] = {"TLSv1.2", "TLSv1.3"};
- const char ctx_flag_default[] = "TLSv1.2,TLSv1.3";
- const long tls_ctx_list[] = {SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3};
-@@ -489,7 +490,7 @@ static struct st_VioSSLFd *new_VioSSLFd(
- ssl_ctx_options = (ssl_ctx_options | ssl_ctx_flags) &
- (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 |
- SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2
--#ifdef HAVE_TLSv13
-+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
- | SSL_OP_NO_TLSv1_3
- #endif /* HAVE_TLSv13 */
- | SSL_OP_NO_TICKET);
-@@ -498,7 +499,7 @@ static struct st_VioSSLFd *new_VioSSLFd(
- return nullptr;
-
- if (!(ssl_fd->ssl_context = SSL_CTX_new(is_client ?
--#ifdef HAVE_TLSv13
-+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
- TLS_client_method()
- : TLS_server_method()
- #else /* HAVE_TLSv13 */
-@@ -513,7 +514,7 @@ static struct st_VioSSLFd *new_VioSSLFd(
- return nullptr;
- }
-
--#ifdef HAVE_TLSv13
-+#if defined(HAVE_TLSv13) && !defined(LIBRESSL_VERSION_NUMBER)
- /*
- Set OpenSSL TLS v1.3 ciphersuites.
- Note that an empty list is permissible.

File Metadata

Mime Type
text/plain
Expires
Sat, Nov 22, 11:23 AM (1 h, 45 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
25958751
Default Alt Text
D42922.id131063.diff (5 KB)

Event Timeline